frontpage.fyi / frontpage
AT-based link agregator. Mirror of https://github.com/likeandscribe/frontpage
fork atom

Pin actions versions (#304)

* Pin checkout action to commit ID

* Use full commit hash

* Update labeller

* Update go

* actions/cache

* Missed go action

* pnpm

* node

* Add note to copilot instructions

authored by tom.sherman.is and committed by

GitHub bd57b6b0 8b5135d6

+25 -24
unified split
+1
.github/copilot-instructions.md
··· 30 30 - `pnpm exec turbo run --affected type-check` 31 31 - Lexicon changes (`lexicons/**`) trigger Go-based `glot lint` and `glot compat`. 32 32 - Label sync on PRs; `sync-tangled` push job mirrors `main` to tangled.sh (uses secret). 33 + - When adding new actions, prefer fixed SHAs over floating tags for stability. Include the version in a comment. 33 34 34 35 ## Setup / bootstrap 35 36 1. Ensure Node 22.18 available (`nvm use`).
+2 -2
.github/workflows/label.yml
··· 8 8 pull-requests: write 9 9 runs-on: ubuntu-latest 10 10 steps: 11 - - uses: actions/checkout@v4 11 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 12 12 with: 13 13 fetch-depth: 2 14 - - uses: actions/labeler@v5 14 + - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 15 15 with: 16 16 sync-labels: true
+6 -6
.github/workflows/lexicon-check.yml
··· 12 12 runs-on: ubuntu-latest 13 13 steps: 14 14 - name: Checkout code 15 - uses: actions/checkout@v4 15 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 16 16 17 17 - name: Setup Go 18 - uses: actions/setup-go@v5 18 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 19 19 with: 20 20 go-version: "stable" 21 21 cache: true 22 22 23 23 - name: Cache glot binary 24 - uses: actions/cache@v4 24 + uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0 25 25 id: cache-glot 26 26 with: 27 27 path: ~/go/bin/glot ··· 40 40 runs-on: ubuntu-latest 41 41 steps: 42 42 - name: Checkout code 43 - uses: actions/checkout@v4 43 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 44 44 45 45 - name: Setup Go 46 - uses: actions/setup-go@v5 46 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 47 47 with: 48 48 go-version: "stable" 49 49 cache: true 50 50 51 51 - name: Cache glot binary 52 - uses: actions/cache@v4 52 + uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0 53 53 id: cache-glot 54 54 with: 55 55 path: ~/go/bin/glot
+15 -15
.github/workflows/pr.yml
··· 12 12 formatting: 13 13 runs-on: ubuntu-latest 14 14 steps: 15 - - uses: actions/checkout@v4 15 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 16 16 17 17 - name: Install pnpm 18 - uses: pnpm/action-setup@v4 18 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 19 19 20 20 - name: Setup Node.js environment 21 - uses: actions/setup-node@v4 21 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 22 22 with: 23 23 node-version-file: .nvmrc 24 24 cache: "pnpm" ··· 30 30 test: 31 31 runs-on: ubuntu-latest 32 32 steps: 33 - - uses: actions/checkout@v4 33 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 34 34 with: 35 35 fetch-depth: 0 36 36 filter: "blob:none" 37 37 38 38 - name: Cache turbo build setup 39 - uses: actions/cache@v4 39 + uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0 40 40 with: 41 41 path: .turbo 42 42 key: ${{ runner.os }}-turbo-${{ github.sha }} ··· 44 44 ${{ runner.os }}-turbo- 45 45 46 46 - name: Install pnpm 47 - uses: pnpm/action-setup@v4 47 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 48 48 49 49 - name: Setup Node.js environment 50 - uses: actions/setup-node@v4 50 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 51 51 with: 52 52 node-version-file: .nvmrc 53 53 cache: "pnpm" ··· 58 58 lint: 59 59 runs-on: ubuntu-latest 60 60 steps: 61 - - uses: actions/checkout@v4 61 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 62 62 with: 63 63 fetch-depth: 0 64 64 filter: "blob:none" 65 65 66 66 - name: Cache turbo build setup 67 - uses: actions/cache@v4 67 + uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0 68 68 with: 69 69 path: .turbo 70 70 key: ${{ runner.os }}-turbo-${{ github.sha }} ··· 72 72 ${{ runner.os }}-turbo- 73 73 74 74 - name: Install pnpm 75 - uses: pnpm/action-setup@v4 75 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 76 76 77 77 - name: Setup Node.js environment 78 - uses: actions/setup-node@v4 78 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 79 79 with: 80 80 node-version-file: .nvmrc 81 81 cache: "pnpm" ··· 86 86 typecheck: 87 87 runs-on: ubuntu-latest 88 88 steps: 89 - - uses: actions/checkout@v4 89 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 90 90 with: 91 91 fetch-depth: 0 92 92 filter: "blob:none" 93 93 94 94 - name: Cache turbo build setup 95 - uses: actions/cache@v4 95 + uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0 96 96 with: 97 97 path: .turbo 98 98 key: ${{ runner.os }}-turbo-${{ github.sha }} ··· 100 100 ${{ runner.os }}-turbo- 101 101 102 102 - name: Install pnpm 103 - uses: pnpm/action-setup@v4 103 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 104 104 105 105 - name: Setup Node.js environment 106 - uses: actions/setup-node@v4 106 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 107 107 with: 108 108 node-version-file: .nvmrc 109 109 cache: "pnpm"
+1 -1
.github/workflows/tangled.yml
··· 12 12 runs-on: ubuntu-latest 13 13 environment: tangled-sync 14 14 steps: 15 - - uses: actions/checkout@v4.1.7 15 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 16 16 with: 17 17 fetch-depth: 0 18 18 ref: ${{ github.event.pull_request.head.sha }}